Parent

Class/Module Index [+]

Quicksearch

Rex::Exploitation::OpcodeDb::Client

This class implements a client interface to the Metasploit Opcode Database. It is intended to be used as a method of locating reliable return addresses given a set of executable files and a set of usable opcodes.

Attributes

last_xml[R]

Retrieves the last raw XML response to be processed.

server_host[RW]

These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.

server_port[RW]

These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.

server_uri[RW]

These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.

Public Class Methods

new(host = DefaultServerHost, port = DefaultServerPort, uri = DefaultServerUri) click to toggle source

Returns an instance of an initialized client that will use the supplied server values.

# File lib/rex/exploitation/opcodedb.rb, line 530
def initialize(host = DefaultServerHost, port = DefaultServerPort, uri = DefaultServerUri)
        self.server_host = host
        self.server_port = port
        self.server_uri  = uri
end

Public Instance Methods

disable_parse() click to toggle source

Disables response parsing.

# File lib/rex/exploitation/opcodedb.rb, line 539
def disable_parse
        @disable_parse = true
end
enable_parse() click to toggle source

Enables response parsing.

# File lib/rex/exploitation/opcodedb.rb, line 546
def enable_parse
        @disable_parse = false
end
groups() click to toggle source

Returns an array of Group instances.

# File lib/rex/exploitation/opcodedb.rb, line 560
def groups
        request('groups').map { |ent| Group.create(ent) }
end
locales() click to toggle source

Returns an array of Locale instances that are supported by the server.

# File lib/rex/exploitation/opcodedb.rb, line 641
def locales
        request('locales').map { |ent| Locale.create(ent) }
end
meta_types() click to toggle source

Returns an array of MetaType instances.

# File lib/rex/exploitation/opcodedb.rb, line 553
def meta_types
        request('meta_types').map { |ent| MetaType.create(ent) }
end
modules(filter = {}) click to toggle source

Returns an array of ImageModule instances. Image modules are version-specific, locale-specific, and operating system version specific image files. Modules have opcodes, segments, imports and exports associated with them. Optionally, a filter hash can be specified to limit the number of results returned from the database. If no filter hash is supplied, all modules will be returned.

LocaleNames (Array)

This hash element limits results to one or more specific locale by name.

PlatformNames (Array)

This hash element limits results to one or more specific platform by
name.

ModuleNames (Array)

This hash element limits results to one or more specific module by name.

Segments (Bool)

If this hash element is set to true, the segments associated with each
resulting module will be returned by the server.

Imports (Bool)

If this hash element is set to true, the imports associated with each
resulting module will be returned by the server.

Exports (Bool)

If this hash element is set to true, the exports associated with each
resulting module will be returned by the server.
# File lib/rex/exploitation/opcodedb.rb, line 634
def modules(filter = {})
        request('modules', filter).map { |ent| ImageModule.create(ent) }
end
platforms(filter = {}) click to toggle source

Returns an array of OsVersion instances. OS versions are associated with a particular operating system release (including service packs). Optionally, a filter hash can be passed to limit the number of results returned. If no filter hash is supplied, all results are returned.

Names (Array)

If this hash element is specified, only the operating systems that
contain one or more of the names specified will be returned.

Statistics (Bool)

If this hash element is set to true, the number of modules associated
with this matched operating system versions will be returned.
# File lib/rex/exploitation/opcodedb.rb, line 594
def platforms(filter = {})
        request('platforms', filter).map { |ent| OsVersion.create(ent) }
end
search(filter = {}) click to toggle source

Returns an array of Opcode instances that match the filter limitations specified in the supplied filter hash. If no filter hash is specified, all opcodes will be returned (but are most likely going to be limited by the server). The filter hash limiters that can be specified are:

ModuleNames (Array)

This hash element limits results to one or more specific modules by
name.

GroupNames (Array)

This hash element limits results to one or more specific opcode group by
name.

TypeNames (Array)

This hash element limits results to one or more specific opcode type by
name.

MetaTypeNames (Array)

This hash element limits results to one or more specific opcode meta
type by name.

LocaleNames (Array)

Limits results to one or more specific locale by name.

PlatformNames (Array)

Limits reslts to one or more specific operating system version by name.

Addresses (Array)

Limits results to a specific set of addresses.

Portable (Bool)

If this hash element is true, opcode results will be limited to ones
that span more than one operating system version.
# File lib/rex/exploitation/opcodedb.rb, line 688
def search(filter = {})
        request('search', filter).map { |ent| Opcode.new(ent) }
end
statistics() click to toggle source

Returns an instance of the Statistics class that holds information about the server's database stats.

# File lib/rex/exploitation/opcodedb.rb, line 696
def statistics
        Statistics.new(request('statistics'))
end
types(filter = {}) click to toggle source

Returns an array of Type instances. Opcode types are specific opcodes, such as a jmp esp. Optionally, a filter hash can be passed to include extra information in the results.

Statistics (Bool)

If this hash element is set to true, the number of opcodes currently in
the database of this type will be returned.
# File lib/rex/exploitation/opcodedb.rb, line 574
def types(filter = {})
        request('types', filter).map { |ent| Type.create(ent) }
end

Protected Instance Methods

parse_response(xml) click to toggle source

Translate the data type from a flat string to a ruby native type.

# File lib/rex/exploitation/opcodedb.rb, line 775
def parse_response(xml)
        @last_xml = xml

        if (!@disable_parse)
                source = REXML::Source.new(xml)
                doc    = REXML::Document.new

                REXML::Parsers::TreeParser.new(source, doc).parse

                translate_element(doc.root)
        end
end
request(method, opts = {}) click to toggle source

Transmits a request to the Opcode database server and translates the response into a native general ruby datatype.

# File lib/rex/exploitation/opcodedb.rb, line 717
def request(method, opts = {})
        client  = Rex::Proto::Http::Client.new(server_host, server_port)

        begin

                # Create the CGI parameter list
                vars = { 'method' => method }

                opts.each_pair do |k, v|
                        vars[k] = xlate_param(v)
                end

                client.set_config('uri_encode_mode' => 'none')

                # Initialize the request with the POST body.
                request = client.request_cgi(
                        'method'    => 'POST',
                        'uri'       => server_uri,
                        'vars_post' => vars
                )

                # Send the request and grab the response.
                response = client.send_recv(request, 300)

                # Non-200 return code?
                if (response.code != 200)
                        raise RuntimeError, "Invalid response received from server."
                end

                # Convert the return value to the native type.
                parse_response(response.body)
        rescue ::SocketError
                raise RuntimeError, "Could not communicate with the opcode service: #{$!.class} #{$!}"
        ensure
                client.close
        end
end
translate_element(element) click to toggle source

Translate elements conveyed as data types.

# File lib/rex/exploitation/opcodedb.rb, line 791
def translate_element(element)
        case element.name
                when "Array"
                        return element.elements.map { |child| translate_element(child) }
                when "Hash"
                        hsh = {}

                        element.each_element { |child|
                                if (e = child.elements[1])
                                        v = translate_element(e)
                                else
                                        v = child.text
                                end

                                hsh[child.attributes['name']] = v
                        }

                        return hsh
                else
                        return element.text
        end
end
xlate_param(v) click to toggle source

Translates a parameter into a flat CGI parameter string.

# File lib/rex/exploitation/opcodedb.rb, line 758
def xlate_param(v)
        if (v.kind_of?(Array))
                v.map { |ent|
                        xlate_param(ent)
                }.join(',,')
        elsif (v.kind_of?(Hash))
                v.map { |k,v|
                        "#{URI.escape(k)}:#{xlate_param(v)}" if (v)
                }.join(',,')
        else
                URI.escape(v.to_s)
        end
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.